CVE-2023-24955
Published: 09 May 2023
Summary
CVE-2023-24955 is a high-severity Code Injection (CWE-94) vulnerability in Microsoft SharePoint Server. Its CVSS base score is 7.2 (High).
Operationally, it is ranked in the top 0.3% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-2 (Flaw Remediation).
Deeper analysis
Microsoft SharePoint Server contains a remote code execution vulnerability tracked as CVE-2023-24955 and assigned CWE-94. The flaw permits an attacker to inject and execute arbitrary code on affected SharePoint installations. It carries a CVSS 3.1 base score of 7.2, reflecting a network attack vector, low complexity, and the requirement for high privileges.
An authenticated user with administrative rights can send a crafted request over the network to achieve full code execution, resulting in complete compromise of confidentiality, integrity, and availability on the SharePoint server. No user interaction is required and the attack does not cross trust boundaries.
Microsoft’s advisory at msrc.microsoft.com directs administrators to apply the security update released for supported SharePoint Server versions. CISA has added the CVE to its Known Exploited Vulnerabilities catalog, indicating that federal agencies must remediate according to the published deadlines.
The vulnerability maintains a high EPSS score of 0.9179, consistent with observed in-the-wild exploitation activity.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-28942
Vulnerability details
Microsoft SharePoint Server Remote Code Execution Vulnerability
- CWE(s): CWE-94
- KEV Date Added: 26 March 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires timely application of the vendor patch that eliminates the RCE flaw in SharePoint Server.
Limits the number of accounts granted the high privileges required to trigger the authenticated code-execution path.
Enforces access-control decisions that block unauthorized or unintended code paths even for authenticated SharePoint users.